JUNOSe 7.2.x Policy Management Configuration Guide
170 ! Configuring RADIUS-Based Mirroring
Example Configuring RADIUS-Initiated Mirroring When a User is Already Logged In
When a mirroring operation is initiated for a user who is already logged in, the
RADIUS server uses change-of-authorization messages and passes the required
RADIUS attributes and the identifier of the currently running session to the E-series
router. The router uses this information to create the secure policy and attaches it to
the interface that is created for the user. The E-series router must be configured to
accept change-of-authorization messages from the RADIUS server.
1. Specify the RADIUS dynamic-request server, and enter RADIUS configuration
mode.
host1(config)#radius dynamic-request server 192.168.11.0
2. Specify the UDP port used to communicate with the RADIUS server.
host1(config-radius)#udp-port 3799
3. Create the key used to communicate with the RADIUS server.
host1(config-radius)#key mysecret
4. Configure the router to receive change-of-authorization messages from the
RADIUS server.
host1(config-radius)#authorization change
host1(config-radius)#exit
host1(config)#exit
5. Verify your RADIUS-initiated mirroring configuration.
host1#show radius dynamic-request servers
RADIUS Request Configuration
----------------------------
Change
Udp Of
IP Address Port Disconnect Authorization Secret
------------- ---- ---------- ------------- ------
10.10.3.4 3799 enabled enabled mysecret
6. Create the analyzer port.
host1(config)#interface fastEthernet 4/0
host1(config-if)#ip analyzer
To Next Page
Loading...
Need help?
General
